public/vdc.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # vdc is a helper program for making Binder calls to vold.  It is spawned from
 # init for various reasons, such as initializing file-based encryption and
 # metadata encryption, and managing userdata checkpointing.
 #
 # We also transition into this domain from dumpstate, when
 # collecting bug reports.

 type vdc, domain;
 type vdc_exec, system_file_type, exec_type, file_type;

 # vdc can be invoked with logwrapper, so let it write to pty
 allow vdc devpts:chr_file rw_file_perms;

 # vdc writes directly to kmsg during the boot process
 allow vdc kmsg_device:chr_file { getattr w_file_perms };

 # vdc talks to vold over Binder
 binder_use(vdc)
 binder_call(vdc, vold)
 allow vdc vold_service:service_manager find;
	# vdc is a helper program for making Binder calls to vold. It is spawned from
	# init for various reasons, such as initializing file-based encryption and
	# metadata encryption, and managing userdata checkpointing.
	#
	# We also transition into this domain from dumpstate, when
	# collecting bug reports.

	type vdc, domain;
	type vdc_exec, system_file_type, exec_type, file_type;

	# vdc can be invoked with logwrapper, so let it write to pty
	allow vdc devpts:chr_file rw_file_perms;

	# vdc writes directly to kmsg during the boot process
	allow vdc kmsg_device:chr_file { getattr w_file_perms };

	# vdc talks to vold over Binder
	binder_use(vdc)
	binder_call(vdc, vold)
	allow vdc vold_service:service_manager find;